June 24 Update: It seems that there were errors made. Rene Ritchie reports:
Update: Apple has provided me with the following statement, which should close the door on speculation surrounding this purported exploit:
“The recent report about a passcode bypass on iPhone was in error, and a result of incorrect testing”
Read more on iMore.
Zack Whittaker reports:
A security researcher has figured out how to brute force a passcode on any up-to-date iPhone or iPad, bypassing the software’s security mechanisms.
Since iOS 8 rolled out in 2014, all iPhones and iPads have come with device encryption. Often protected by a four- or six-digit passcode, a hardware and software combination has made it nearly impossible to break into an iPhone or iPad without cooperation from device owner.
And if the wrong passcode is entered too many times, the device gets wiped.
But Matthew Hickey, a security researcher and co-founder of cybersecurity firm Hacker House, found a way to bypass the 10-time limit and enter as many codes as he wants — even on the latest version of iOS 11.3.
Read more on ZDNet.
A demonstration that Hickey uploaded to Vimeo:
Apple iOS “Erase data” bypass attack from Hacker Fantastic on Vimeo.
Good work.